diff options
Diffstat (limited to 'src/lib/libssl/tls13_client.c')
| -rw-r--r-- | src/lib/libssl/tls13_client.c | 27 |
1 files changed, 15 insertions, 12 deletions
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c index 22cda1e6be..5cd588875e 100644 --- a/src/lib/libssl/tls13_client.c +++ b/src/lib/libssl/tls13_client.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_client.c,v 1.48 2020/04/08 16:23:58 jsing Exp $ */ | 1 | /* $OpenBSD: tls13_client.c,v 1.49 2020/04/17 17:16:53 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -36,6 +36,8 @@ tls13_connect(struct tls13_ctx *ctx) | |||
| 36 | static int | 36 | static int |
| 37 | tls13_client_init(struct tls13_ctx *ctx) | 37 | tls13_client_init(struct tls13_ctx *ctx) |
| 38 | { | 38 | { |
| 39 | const uint16_t *groups; | ||
| 40 | size_t groups_len; | ||
| 39 | SSL *s = ctx->ssl; | 41 | SSL *s = ctx->ssl; |
| 40 | 42 | ||
| 41 | if (!ssl_supported_version_range(s, &ctx->hs->min_version, | 43 | if (!ssl_supported_version_range(s, &ctx->hs->min_version, |
| @@ -51,7 +53,11 @@ tls13_client_init(struct tls13_ctx *ctx) | |||
| 51 | if (!tls1_transcript_init(s)) | 53 | if (!tls1_transcript_init(s)) |
| 52 | return 0; | 54 | return 0; |
| 53 | 55 | ||
| 54 | if ((ctx->hs->key_share = tls13_key_share_new(NID_X25519)) == NULL) | 56 | /* Generate a key share using our preferred group. */ |
| 57 | tls1_get_group_list(s, 0, &groups, &groups_len); | ||
| 58 | if (groups_len < 1) | ||
| 59 | return 0; | ||
| 60 | if ((ctx->hs->key_share = tls13_key_share_new(groups[0])) == NULL) | ||
| 55 | return 0; | 61 | return 0; |
| 56 | if (!tls13_key_share_generate(ctx->hs->key_share)) | 62 | if (!tls13_key_share_generate(ctx->hs->key_share)) |
| 57 | return 0; | 63 | return 0; |
| @@ -560,23 +566,20 @@ tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs) | |||
| 560 | int | 566 | int |
| 561 | tls13_client_hello_retry_send(struct tls13_ctx *ctx, CBB *cbb) | 567 | tls13_client_hello_retry_send(struct tls13_ctx *ctx, CBB *cbb) |
| 562 | { | 568 | { |
| 563 | int nid; | ||
| 564 | |||
| 565 | /* | 569 | /* |
| 566 | * Ensure that the server supported group is not the same | 570 | * Ensure that the server supported group is one that we listed in our |
| 567 | * as the one we previously offered and that it was one that | 571 | * supported groups and is not the same as the key share we previously |
| 568 | * we listed in our supported groups. | 572 | * offered. |
| 569 | */ | 573 | */ |
| 570 | if (ctx->hs->server_group == tls13_key_share_group(ctx->hs->key_share)) | 574 | if (!tls1_check_curve(ctx->ssl, ctx->hs->server_group)) |
| 571 | return 0; /* XXX alert */ | 575 | return 0; /* XXX alert */ |
| 572 | if ((nid = tls1_ec_curve_id2nid(ctx->hs->server_group)) == 0) | 576 | if (ctx->hs->server_group == tls13_key_share_group(ctx->hs->key_share)) |
| 573 | return 0; | ||
| 574 | if (nid != NID_X25519 && nid != NID_X9_62_prime256v1 && nid != NID_secp384r1) | ||
| 575 | return 0; /* XXX alert */ | 577 | return 0; /* XXX alert */ |
| 576 | 578 | ||
| 577 | /* Switch to new key share. */ | 579 | /* Switch to new key share. */ |
| 578 | tls13_key_share_free(ctx->hs->key_share); | 580 | tls13_key_share_free(ctx->hs->key_share); |
| 579 | if ((ctx->hs->key_share = tls13_key_share_new(nid)) == NULL) | 581 | if ((ctx->hs->key_share = |
| 582 | tls13_key_share_new(ctx->hs->server_group)) == NULL) | ||
| 580 | return 0; | 583 | return 0; |
| 581 | if (!tls13_key_share_generate(ctx->hs->key_share)) | 584 | if (!tls13_key_share_generate(ctx->hs->key_share)) |
| 582 | return 0; | 585 | return 0; |